Lucene search

[email protected]CVE-2007-5978

HistoryNov 15, 2007 - 12:46 a.m.

CVE-2007-5978

2007-11-1500:46:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-5978

sql injection

mylinks module

xoops

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

JSON

SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.

Affected configurations

NVD

Node

xoopsmylinks_moduleMatch2.0.17.1

CPENameOperatorVersion
xoops:mylinks_modulexoops mylinks moduleeq2.0.17.1

CPE	Name	Operator	Version
xoops:mylinks_module	xoops mylinks module	eq	2.0.17.1

References

osvdb.org/38747

securityreason.com/securityalert/3362

www.securityfocus.com/archive/1/483525/100/0/threaded

www.securityfocus.com/bid/26392

exchange.xforce.ibmcloud.com/vulnerabilities/38370

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

JSON

Related for CVE-2007-5978

nvd1 prion1 cvelist1